Message I get from the icon to System Tool malware after removing the malware.

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sun Nov 07, 2010 5:00 pm

I've just hopfully removed System Tools from my other computer but when I click on the icon for it, it states that "fdkKa02030.ex" has changed or been moved. Does this mean it may still be lurking somewhere on the computer or is there a good chance it is gone? I can't remember if those things say "it does not exist" or if the changed and move message is normal. The malware isn't poping up anywhere right now. Thanks Smile

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Sun Nov 07, 2010 6:10 pm

Hi,

Welcome to GeekPolice.net!

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Mon Nov 08, 2010 4:12 pm

Everytime I try to post the log from the computer that had the maleware, (actually I believe it still does since malewarebytes keeps finding a rootkit and removing it but as soon as my computer is restarted, its back and it finds it again, etc. ) it keeps saying Internet Explorer cannot display the webpage when I hit send and it doesn't go through. I'm on another comp right now to send this message, and to be honest I'm nervous about emailing it from that comp to this, any suggestions on how I can get it to send or do it from this comp without infecting this comp?

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Mon Nov 08, 2010 6:47 pm

Hi,

That just means the logs is too big. Please split it into multiple posts.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log

Post by Komodia on Mon Nov 08, 2010 6:51 pm

OTL logfile created on: 11/8/2010 11:37:55 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Imy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 39.57 Gb Free Space | 29.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.16 Gb Free Space | 31.63% Space Free | Partition Type: NTFS
Drive E: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKEPC | User Name: Imy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue

Post by Komodia on Mon Nov 08, 2010 6:52 pm

- [2010/11/08 11:35:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Imy\Desktop\OTL.exe
PRC - [2010/10/06 06:08:23 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/13 15:40:30 | 001,195,920 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/09/04 13:09:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/09/04 13:09:24 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/09/04 13:09:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/08/21 15:57:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/20 13:32:29 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2010/03/16 15:28:46 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/03/16 15:28:44 | 004,281,584 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2010/01/19 11:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/07/21 14:21:24 | 000,988,672 | ---- | M] (Mediafly) -- C:\Program Files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/03 05:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/08 22:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/03/17 08:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/11/01 13:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/27 20:54:54 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/27 20:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/27 20:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/24 01:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 01:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 01:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 01:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/07/20 16:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/03/15 17:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/02/14 15:23:18 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlcccoms.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (SafeList) ==========

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue part 3

Post by Komodia on Mon Nov 08, 2010 6:54 pm

MOD - [2010/11/08 11:35:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Imy\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/11/05 14:25:54 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/09/04 13:09:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/09/04 13:09:24 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/09/04 13:09:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/08/20 13:32:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/04/14 16:47:40 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/04/08 02:47:42 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/16 15:28:50 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/08 22:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/27 20:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/27 20:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/02/14 15:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue part 4

Post by Komodia on Mon Nov 08, 2010 6:56 pm

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2010/09/04 13:09:24 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/09/04 13:09:24 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/09/04 13:09:24 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/09/04 13:09:24 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/09/04 13:09:24 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/09/04 13:09:24 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/09/04 13:09:24 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/09/04 13:09:24 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/09/04 13:09:24 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 20:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/04/10 20:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/02/04 11:37:52 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/02/04 11:37:52 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/02/04 11:37:52 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/11 22:02:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/12/05 21:02:46 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nwdelser2.sys -- (NWDellPort2)
DRV - [2007/12/05 21:02:46 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwdelser.sys -- (NWDellPort)
DRV - [2007/12/05 21:02:46 | 000,092,288 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwdelmdm.sys -- (NWDellModem)
DRV - [2007/12/05 21:02:44 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nwadienum.sys -- (NWADI)
DRV - [2007/11/17 15:46:38 | 000,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/09/27 20:54:56 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/24 01:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/22 12:12:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/26 23:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/26 23:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/26 23:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 18:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 18:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue part 5

Post by Komodia on Mon Nov 08, 2010 6:58 pm

--- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 12:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 6

Post by Komodia on Mon Nov 08, 2010 7:00 pm

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 4F BB 97 6B 3E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-80-0-1m2SN"
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-1m2SN&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/21 16:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/01 13:28:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010/11/06 06:59:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010/08/21 16:00:15 | 000,000,000 | ---D | M]

[2010/10/28 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Imy\AppData\Roaming\mozilla\Firefox\Profiles\jhbc66sx.default\extensions
[2009/07/28 11:54:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Imy\AppData\Roaming\mozilla\Firefox\Profiles\jhbc66sx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/22 05:41:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Imy\AppData\Roaming\mozilla\Firefox\Profiles\jhbc66sx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/20 18:06:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Imy\AppData\Roaming\mozilla\Firefox\Profiles\jhbc66sx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/07 15:53:01 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Imy\AppData\Roaming\mozilla\Firefox\Profiles\jhbc66sx.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/11/02 15:05:23 | 000,000,000 | ---D | M] -- C:\Users\Imy\AppData\Roaming\mozilla\Firefox\Profiles\jhbc66sx.default\extensions\toolbar@ask.com
[2010/05/26 14:18:50 | 000,002,333 | ---- | M] () -- C:\Users\Imy\AppData\Roaming\Mozilla\FireFox\Profiles\jhbc66sx.default\searchplugins\askcom.xml
[2010/05/07 15:53:02 | 000,000,737 | ---- | M] () -- C:\Users\Imy\AppData\Roaming\Mozilla\FireFox\Profiles\jhbc66sx.default\searchplugins\bing-ff.xml
[2010/06/13 06:37:32 | 000,002,267 | ---- | M] () -- C:\Users\Imy\AppData\Roaming\Mozilla\FireFox\Profiles\jhbc66sx.default\searchplugins\bing-zugo.xml
[2010/05/02 16:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/12 09:06:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/02 16:41:50 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{40fb31cf-b5d4-3627-67a1-190da6697a5d}
[2008/04/12 09:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/07/30 15:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/07/30 15:45:07 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/07/30 15:45:07 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/07/30 15:45:07 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2010/09/04 13:09:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/07/30 15:45:09 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/07/30 15:45:09 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/01/19 11:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2010/11/06 06:59:52 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 7

Post by Komodia on Mon Nov 08, 2010 7:01 pm

O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100921145953.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Updater For My.Freeze.com Toolbar) - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 8

Post by Komodia on Mon Nov 08, 2010 7:03 pm

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [Mediafly SyncClient] C:\Program Files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe (Mediafly)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} [You must be registered and logged in to see this link.] (GoBit Games Player)
O16 - DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} [You must be registered and logged in to see this link.] (YBUICtrl.FloatWnd.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_12)
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} [You must be registered and logged in to see this link.] (canvidplayer8ctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Imy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Imy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/20 12:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/26 20:03:00 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0cc3dd70-d316-11dc-8e15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cc3dd70-d316-11dc-8e15-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010/04/20 12:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{2fbfb960-d8e4-11dc-80d8-00038a000015}\Shell\AutoRun\command - "" = G:\LinksysConnectPC.exe -- File not found
O33 - MountPoints2\{2fbfb963-d8e4-11dc-80d8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2fbfb963-d8e4-11dc-80d8-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ad9b48c-a485-11df-bc7a-001d09beb46a}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll ()
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 9

Post by Komodia on Mon Nov 08, 2010 7:05 pm

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 11:34:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Imy\Desktop\OTL.exe
[2010/11/05 14:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\fDkKa02030
[2010/11/05 10:17:25 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/31 12:21:55 | 000,000,000 | ---D | C] -- C:\CLASH_OF_THE_TITANS_2010
[2010/10/31 09:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/10/31 09:51:09 | 000,000,000 | ---D | C] -- C:\Users\Imy\Documents\DVDVideoSoft
[2010/10/31 09:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/10/31 09:42:51 | 008,280,880 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\Imy\FreeDVDDecrypter.exe
[2010/10/31 09:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010/10/31 09:32:40 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Users\Imy\dvdshrink32setup.exe
[2010/10/28 13:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/10/27 05:52:23 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 05:52:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/27 05:52:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/13 05:22:01 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 05:21:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 05:20:53 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 05:20:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 05:20:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 05:20:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 05:20:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 05:20:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 05:20:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 05:20:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 05:20:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 05:20:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 05:20:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 05:20:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 05:20:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 05:20:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 05:20:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 05:20:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 05:20:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 05:20:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 05:20:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 05:20:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 05:18:45 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 05:18:41 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 05:18:38 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/11 14:34:43 | 000,000,000 | ---D | C] -- C:\Users\Imy\AppData\Local\Electronic Arts
[2010/10/11 14:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/10/11 12:34:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2006/12/20 16:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlccpmui.dll
[2006/12/20 16:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlccserv.dll
[2006/12/20 16:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcccomm.dll
[2006/12/20 15:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcclmpm.dll
[2006/12/20 15:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcciesc.dll
[2006/12/20 15:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlccpplc.dll
[2006/12/20 15:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcccomc.dll
[2006/12/20 15:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlccprox.dll
[2006/12/20 15:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlccinpa.dll
[2006/12/20 15:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlccusb1.dll
[2006/12/20 15:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcchbn3.dll

========== Files - Modified Within 30 Days ==========

[2010/11/08 11:42:23 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
[2010/11/08 11:41:53 | 000,761,344 | ---- | M] () -- C:\Windows\System32\drivers\ckavutdwa.sys
[2010/11/08 11:40:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 11:35:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Imy\Desktop\OTL.exe
[2010/11/08 11:24:35 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/08 11:24:35 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/08 11:22:07 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Verizon Internet Security Suite.lnk
[2010/11/08 11:20:24 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/08 11:20:06 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/08 11:20:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 11:20:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/11/08 11:19:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 11:19:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 11:19:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 11:19:23 | 2143,354,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 05:54:42 | 311,827,871 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/07 13:31:43 | 000,000,844 | ---- | M] () -- C:\Users\Imy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/07 13:31:43 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 10:39:58 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2010/11/06 06:59:14 | 000,001,072 | ---- | M] () -- C:\Windows\System32\Improve Your PC.lnk
[2010/11/06 04:42:11 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/05 14:25:54 | 000,053,248 | ---- | M] () -- C:\Windows\System32\FastUv32.dll
[2010/10/31 10:52:48 | 000,001,034 | ---- | M] () -- C:\Users\Imy\Desktop\DVDVideoSoft Free Studio.lnk
[2010/10/31 09:49:31 | 008,280,880 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\Imy\FreeDVDDecrypter.exe
[2010/10/31 09:32:58 | 001,117,491 | ---- | M] (DVD Shrink ) -- C:\Users\Imy\dvdshrink32setup.exe
[2010/10/30 05:38:46 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2010/10/28 13:16:00 | 000,834,048 | ---- | M] () -- C:\Users\Imy\Unit-09-Refrigerant---Ozone.pps
[2010/10/14 05:19:14 | 000,321,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/11 14:34:23 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk

========== Files Created - No Company Name ==========

[2010/11/08 11:19:23 | 2143,354,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/07 13:31:43 | 000,000,844 | ---- | C] () -- C:\Users\Imy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/07 10:39:47 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/07 09:46:13 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Verizon Internet Security Suite.lnk
[2010/11/06 08:36:44 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
[2010/11/06 06:59:14 | 000,001,072 | ---- | C] () -- C:\Windows\System32\Improve Your PC.lnk
[2010/11/05 14:26:37 | 000,761,344 | ---- | C] () -- C:\Windows\System32\drivers\ckavutdwa.sys
[2010/11/05 14:25:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2010/10/31 09:51:11 | 000,001,034 | ---- | C] () -- C:\Users\Imy\Desktop\DVDVideoSoft Free Studio.lnk
[2010/10/28 13:15:50 | 000,834,048 | ---- | C] () -- C:\Users\Imy\Unit-09-Refrigerant---Ozone.pps
[2010/10/11 14:34:23 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/03/26 05:15:26 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/26 05:15:26 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/02 10:13:10 | 000,118,784 | ---- | C] () -- C:\Windows\System32\PTTreeIcons.dll
[2009/12/21 14:19:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/05/01 11:18:42 | 000,000,680 | ---- | C] () -- C:\Users\Imy\AppData\Local\d3d9caps.dat
[2008/02/16 17:14:00 | 000,027,145 | ---- | C] () -- C:\Users\Imy\AppData\Roaming\nvModes.001
[2008/02/16 17:13:59 | 000,027,145 | ---- | C] () -- C:\Users\Imy\AppData\Roaming\nvModes.dat
[2008/02/12 07:57:53 | 000,000,356 | ---- | C] () -- C:\Users\Imy\AppData\Roaming\wklnhst.dat
[2008/02/11 13:16:48 | 000,030,720 | ---- | C] () -- C:\Users\Imy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/04 11:38:22 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/04 04:01:43 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/02/07 11:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcccoin.dll
[2007/01/26 06:11:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlccinsr.dll
[2007/01/26 06:11:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcccur.dll
[2007/01/26 06:09:58 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlccjswr.dll
[2007/01/26 05:59:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlccinsb.dll
[2007/01/26 05:58:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcccub.dll
[2007/01/26 05:57:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcccu.dll
[2007/01/26 05:57:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlccins.dll
[2007/01/26 05:53:46 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlccutil.dll
[2007/01/22 01:24:50 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcccfg.dll
[2006/11/07 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlccvs.dll
[2005/04/01 10:44:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcccnv4.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/11 22:01:24 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 03:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 03:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >
[2007/12/11 22:02:12 | 003,444,736 | ---- | M] (Dell Inc.) Unable to obtain MD5 -- C:\Windows\System32\WLTRAY.EXE

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/11/08 11:49:51 | 000,761,344 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\ckavutdwa.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/01 23:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/10 22:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/01 23:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/01 23:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/01 23:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/01 23:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/01 23:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/01 23:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/01 23:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 10

Post by Komodia on Mon Nov 08, 2010 7:09 pm

[2006/11/01 23:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/01 23:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/01 23:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/01 23:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/01 23:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/01 23:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/01 23:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/08/31 05:27:38 | 002,038,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/04 16:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2010/01/02 10:13:14 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/04 11:38:38 | 000,005,328 | RH-- | M] () -- C:\dell.sdr
[2009/01/30 09:14:35 | 000,001,850 | ---- | M] () -- C:\dlcc.log
[2010/11/08 11:19:23 | 2143,354,880 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/27 12:12:37 | 000,003,202 | -H-- | M] () -- C:\IPH.PH
[2008/02/04 04:01:38 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/02/04 04:01:38 | 000,022,729 | ---- | M] () -- C:\newkey
[2008/05/07 12:35:14 | 000,001,142 | ---- | M] () -- C:\NTDClient.log
[2010/11/08 11:19:19 | 2459,234,304 | -HS- | M] () -- C:\pagefile.sys
[2010/11/07 13:28:21 | 000,000,444 | ---- | M] () -- C:\rkill.log
[2008/02/04 04:01:35 | 000,001,812 | ---- | M] () -- C:\SetWiFiBT.txt
[2008/02/04 04:22:35 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2008/03/27 12:11:34 | 000,000,382 | -H-- | M] () -- C:\T4Metrics.log
[2008/04/24 20:45:35 | 000,000,156 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2010/09/12 15:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/02/13 11:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2008/02/13 11:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\AOL 9.0
[2008/02/04 04:21:25 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Install
[2010/04/04 07:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/11/07 09:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/11/02 15:05:23 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/04/04 07:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/02/04 04:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/01/19 10:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/01/19 09:25:15 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2008/02/04 04:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/10/31 09:50:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/10/31 09:51:19 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2008/02/04 03:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/02/04 04:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/02/04 04:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/02/04 04:09:59 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/03/30 06:09:20 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 924
[2008/02/04 04:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/02/04 11:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2008/02/04 04:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/08/09 14:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/02/04 04:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2010/10/11 14:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/17 17:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2008/06/05 10:22:58 | 000,000,000 | ---D | M] -- C:\Program Files\Funcom
[2010/01/26 06:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/02/21 07:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2010/11/07 09:52:19 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/14 05:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/04 07:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/04 07:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/03/10 14:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/18 18:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\JL2005C
[2008/03/27 17:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\Laplink
[2008/05/05 12:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys EasyLink Advisor
[2010/11/07 13:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 10:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mars
[2008/05/26 11:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2010/11/06 05:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/09/21 11:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/07/06 17:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mediafly
[2009/01/23 06:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/02/04 04:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/30 04:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/12/21 18:40:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/02 08:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/06/26 07:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/02/04 04:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/08/13 09:24:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/07/29 13:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2008/07/30 15:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/02/15 11:50:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/01/02 10:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\MyDSC2
[2010/03/20 05:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2008/09/20 18:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2008/02/04 04:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/02/04 04:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
[2009/03/16 16:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/04/04 07:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/08/21 15:59:04 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/10/30 06:06:32 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/30 06:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\RegWork
[2009/12/27 18:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2008/02/04 04:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/05/07 15:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Search Toolbar
[2008/02/04 03:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/01/02 10:13:20 | 000,000,000 | ---D | M] -- C:\Program Files\Snap 'n Share
[2008/06/24 10:21:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/03/17 17:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/12/02 16:09:34 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/09/21 11:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2009/07/29 13:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/02/13 11:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/02/20 16:56:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/02/20 16:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/02/20 16:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/02/20 16:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2008/10/18 16:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/09/16 06:11:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 05:16:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/02/20 16:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/02/22 06:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/03/16 12:21:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Resource Kits
[2010/02/20 16:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/03/17 18:00:15 | 000,000,000 | ---D | M] -- C:\Program Files\Winferno
[2010/03/06 19:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/12/27 18:14:31 | 000,000,006 | -HS- | M] () -- C:\Users\Imy\AppData\Roaming\desktop.ini
[2010/03/25 18:47:30 | 000,027,145 | ---- | M] () -- C:\Users\Imy\AppData\Roaming\nvModes.001
[2010/02/25 19:30:36 | 000,027,145 | ---- | M] () -- C:\Users\Imy\AppData\Roaming\nvModes.dat
[2010/08/10 07:40:48 | 000,000,356 | ---- | M] () -- C:\Users\Imy\AppData\Roaming\wklnhst.dat

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 11

Post by Komodia on Mon Nov 08, 2010 7:14 pm

< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/02/04 11:22:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\agp440.sys
[2008/02/04 11:22:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/02/04 11:22:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/02/04 11:22:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/02/04 11:23:40 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys
[2008/02/04 11:23:40 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/04 11:23:24 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/02/04 11:37:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/02/04 11:37:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/02/04 11:37:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/02/04 11:37:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/02/04 11:22:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/02/04 11:22:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/02/04 11:23:24 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/02/04 11:23:24 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/15 11:53:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/15 11:53:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/15 11:53:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/15 11:53:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 12

Post by Komodia on Mon Nov 08, 2010 7:16 pm

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 01:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 13

Post by Komodia on Mon Nov 08, 2010 7:19 pm

[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved OTL.txt log continue Part 14

Post by Komodia on Mon Nov 08, 2010 7:22 pm

< MD5 for: USBSTOR.SYS >
[2008/02/04 11:31:36 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/02/04 11:31:36 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2008/02/04 11:31:36 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/18 21:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/18 21:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 20:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 20:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 20:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 00:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Problem with sending end of log

Post by Komodia on Mon Nov 08, 2010 7:28 pm

The last part of the log it isn't letting me end, I get the 'internet explorer cannot display webpage' again and I don't think that part is to big since it seems much smaller than the other pieces I have post up just now.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Extras.txt Part 1

Post by Komodia on Mon Nov 08, 2010 7:32 pm

OTL Extras logfile created on: 11/8/2010 11:37:55 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Imy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 39.57 Gb Free Space | 29.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.16 Gb Free Space | 31.63% Space Free | Partition Type: NTFS
Drive E: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKEPC | User Name: Imy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1775B85C-DFDD-44D4-BC62-9C18A20927EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{21EB9AE0-5AF6-4C88-985E-D21E65B9CD7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{316CF5F7-6D60-4A26-BB38-208A1AE0F262}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4EF99945-1260-4510-A0EE-D5CF64DDB45E}" = lport=139 | protocol=6 | dir=in | app=system |
"{62761EDA-2741-44B5-967A-B629F95D06AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{7F5B5283-E22B-4A09-B6D6-0C9279957041}" = lport=445 | protocol=6 | dir=in | app=system |
"{90249BB7-25D2-40E6-91E6-CA1A5DDB512D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AA5F85EE-F58C-43C3-B671-67A2309984E6}" = rport=445 | protocol=6 | dir=out | app=system |
"{B5A4098E-6951-4220-A378-20AE426F4C9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE8EE5BE-234F-4CC4-9C53-ADDD739ED50A}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7278A92-A6AA-46BD-8F27-F4D2A283E6A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E54E3EC1-51A1-45BA-96EF-073D3D3FF808}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F0B745-DD37-49DB-9A59-B0ACF56AECF7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0A0E6488-1FC3-4EDD-BBA2-590CB871B5FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{10285127-23AF-41DD-B38B-C51B86AC79FF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1696CEE2-FBC4-4FDD-B4F0-41780F9A8EF6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1C9DEFD4-A901-49CC-88F4-DDFC92522D6B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{22406B5D-7301-48FB-94FF-BA9B452FD836}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2F9073A9-3A62-4C84-9EF6-C43F4C0B86FF}" = protocol=17 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{362747F1-9F48-4B24-BB38-7A3F08949030}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{3D5FC450-7650-4510-9E82-FDB034AD5928}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{4A3A8C2E-EDDE-4E92-BF6B-E49A35FB74D9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{53B623C7-A8C3-4297-B755-D8CF7D71D11B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{571BC7A8-041C-44C3-9E7D-4826307D4AA6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6815611E-C83A-4DDA-B3F0-6E922B96B8F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{68DC4188-1FE6-49CC-B656-1525C33DC36E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{6E18EE89-A831-4223-9427-F877D98B6296}" = protocol=6 | dir=in | app=c:\windows\system32\dlcccoms.exe |
"{6F1BCE2F-482D-489B-8135-1A60B0F21981}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{6FDCC721-65BC-42B7-A332-3C43D679F3E7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{706D4C81-F42D-44B0-8C54-78CC42841D93}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{816EC57C-52E6-42FD-8E57-26B0EFBA86B5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{913A8F9B-D590-408C-B7BF-EF9FFCCC31EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{96F08B47-7497-49E7-A8B2-E72B0E1E9BA0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CD8B59E-7FD9-4251-AF65-394E21CC9CB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AAFA765C-7EEC-46E7-87BD-ED02C0466320}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C8583E85-CE56-46F8-AD1E-9510F5B3AE19}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CCDFE1E0-A8B4-4295-A348-79FD3EA7EC65}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{CF03476B-D163-4633-BC0B-067AAD40571A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{CF3A17C7-E401-4465-9C10-F65E58ED3538}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D13F630A-CE35-4F67-9CF6-60CE6412425A}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{D5DD35E4-690E-4D1E-83E2-1F9F874219D8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{E250AD0B-2C6D-42FF-85E3-D9D7917D9FA5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E5948A31-CD05-4DC6-8057-8C4B282C885B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{E6CC0CB8-57E4-4D19-B2AE-D82EE09C3E95}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{E8F96CF6-A3EA-4FD8-940D-24D93E847616}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{EA14E693-6884-4542-9CDE-2B326A70DEC1}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{EC5E9B35-ED05-4B16-8A90-1B3D7DEDEE81}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F01E4A9A-48A6-4368-B62E-E8A253057343}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F5BED2CD-DA60-4C72-9286-3E5CF178C71D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{FA38CAD4-98C9-466A-BA8A-A8503E98B57A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{FDB762C7-0138-441B-B8A1-BBA06FD8B0D5}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"TCP Query User{2605020B-C89D-494C-A3E6-5349C28AFEEB}C:\program files\aol 9.0\waol.exe" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"TCP Query User{294B745F-54E0-496D-9FAA-5C0455ED369C}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{3B4036FD-D3B1-4944-83A9-15AB3FD1D3E2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{495FC6B2-FE88-4B38-8C1C-32F87695441F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4B3908B8-AF9D-4E99-907D-9D435C75E915}C:\program files\laplink\filemover\sfthost.exe" = protocol=6 | dir=in | app=c:\program files\laplink\filemover\sfthost.exe |
"TCP Query User{A462E55C-62A4-4B36-8DA6-A482E776E5D3}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"TCP Query User{E45D4340-FFA9-4AB8-A782-1A877A04730D}C:\program files\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"TCP Query User{E544FF6F-82E7-4C34-96DC-BA36E8BC6C8C}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"TCP Query User{F127FF53-334D-459D-A651-D7E447E42F4D}C:\program files\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"TCP Query User{F84F8300-D805-46FC-A03B-5EE75259DFB9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FCAADD9E-DBC6-469B-BF06-94B80A8F94B8}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{1BA3197E-DDED-4082-B8A3-E4A18DE35507}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{2949FD1F-A7A7-4E50-9379-1609938AFED5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{31160D38-DEB0-4321-82F2-03D10CF27C86}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{3C1146A7-B296-40A3-BCE6-D1BE11CADAF7}C:\program files\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{59781A8E-1385-4729-BCDF-9C90C775F779}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{667FA93C-DC62-4124-AC09-D469EA4E6997}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
"UDP Query User{8851FAD0-9B28-491D-83B8-1EBE3E0192D3}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{BB1E0D3B-7E73-4177-8613-9514214E9C74}C:\program files\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{D2D881E4-B1F7-43FF-AA49-948FCDA67196}C:\program files\aol 9.0\waol.exe" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"UDP Query User{D848B30F-F045-4694-A693-090167A2E565}C:\program files\laplink\filemover\sfthost.exe" = protocol=17 | dir=in | app=c:\program files\laplink\filemover\sfthost.exe |
"UDP Query User{F1DEDEEC-DC9C-411E-BBDE-98017C772C47}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Extras.txt Part2

Post by Komodia on Mon Nov 08, 2010 7:34 pm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{795A1906-3342-49BE-82E7-A67CB96E7E10}" = Mediafly SyncClient
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = FileMover
"{E1B8BDDB-5F8A-421E-BF5B-78D589EA28DB}" = Dell Mobile Broadband Card Utility
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon MX320 series User Registration" = Canon MX320 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EADM" = EA Download Manager
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0042)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Graboid Video" = Graboid Video 1.65
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSC" = Verizon Internet Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.18
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"SnapNShare" = Snap 'n Share
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2010 1:55:33 PM | Computer Name = MikePC | Source = System Restore | ID = 8193
Description =

Error - 11/7/2010 1:58:08 PM | Computer Name = MikePC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 808 Start Time: 01cb7ea52a9bb809 Termination Time: 9

Error - 11/7/2010 2:05:23 PM | Computer Name = MikePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2010 2:05:23 PM | Computer Name = MikePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2010 2:05:24 PM | Computer Name = MikePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2010 2:05:24 PM | Computer Name = MikePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2010 2:05:24 PM | Computer Name = MikePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2010 2:05:24 PM | Computer Name = MikePC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2010 2:14:11 PM | Computer Name = MikePC | Source = EventSystem | ID = 4609
Description =

Error - 11/7/2010 2:30:56 PM | Computer Name = MikePC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 5/25/2010 6:41:24 PM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 15:41:23, Tue, May 25, 10 Error - Unable to gain access to user store


Error - 6/19/2010 4:24:06 PM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 13:24:06, Sat, Jun 19, 10 Error - Unable to gain access to user store


Error - 6/21/2010 12:27:25 PM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 09:27:24, Mon, Jun 21, 10 Error - Unable to gain access to user store


Error - 7/29/2010 10:53:48 AM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 07:53:48, Thu, Jul 29, 10 Error - Unable to gain access to user store


Error - 8/9/2010 6:35:10 PM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 15:35:10, Mon, Aug 09, 10 Error - Unable to gain access to user store


Error - 8/26/2010 10:21:45 AM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 07:21:44, Thu, Aug 26, 10 Error - Unable to gain access to user store


Error - 9/16/2010 11:25:52 AM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 08:25:51, Thu, Sep 16, 10 Error - Unable to gain access to user store


Error - 11/4/2010 1:57:56 PM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 10:57:55, Thu, Nov 04, 10 Error - Unable to gain access to user store


Error - 11/5/2010 6:41:43 PM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 15:41:43, Fri, Nov 05, 10 Error - Unable to gain access to user store


Error - 11/6/2010 9:28:56 AM | Computer Name = MikePC | Source = WLAN-Tray | ID = 0
Description = 06:28:55, Sat, Nov 06, 10 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 5/26/2008 12:59:02 PM | Computer Name = Imy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 8:42:04 AM | Computer Name = Imy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 8:57:15 AM | Computer Name = Imy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/2/2008 10:41:14 PM | Computer Name = Imy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/8/2010 3:12:23 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 3:15:33 PM | Computer Name = MikePC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11/8/2010 3:16:27 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/8/2010 3:16:27 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/8/2010 3:20:32 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 3:20:32 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 3:20:32 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 3:20:32 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 3:20:32 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/8/2010 3:20:32 PM | Computer Name = MikePC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Mon Nov 08, 2010 7:35 pm

That was the end of the extras log, it went through with no problem

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Tue Nov 09, 2010 11:31 pm

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Updater For My.Freeze.com Toolbar) - {C26CD490-5F01-41E3-B150-EB29F19DA056} - C:\Program Files\myfreezetoolbar\auxi\myfreezetoolbAu.dll File not found
    O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No CLSID value found.
    O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
    O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
    O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll File not found


    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Wed Nov 10, 2010 5:48 pm

After doing those steps I'm unable to get on internet explorer on that computer to finish the last few steps, when I click on IE it says "Illegal operation attempted on a registery key that has been marked for deletion"

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Wed Nov 10, 2010 5:55 pm

I restarted my computer and internet explorer came up so now I'll try to get the log

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Combofix log

Post by Komodia on Wed Nov 10, 2010 6:20 pm

ComboFix 10-11-09.03 - Imy 11/10/2010 15:00:57.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1222 [GMT -8:00]
Running from: c:\users\Imy\Desktop\commy.exe
Command switches used :: /stepdel
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\arp.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.

2010-11-10 23:13 . 2010-11-10 23:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 22:25 . 2010-11-10 23:14 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-11-10 20:41 . 2010-11-10 20:41 -------- d-----w- C:\_OTL
2010-11-05 22:26 . 2010-11-07 21:42 -------- d-----w- c:\programdata\fDkKa02030
2010-10-31 20:21 . 2010-10-31 20:21 -------- d-----w- C:\CLASH_OF_THE_TITANS_2010
2010-10-31 17:51 . 2010-10-31 17:51 -------- d-----w- c:\program files\Conduit
2010-10-31 17:50 . 2010-11-03 20:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-31 17:42 . 2010-10-31 17:49 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:34 . 2010-10-31 19:46 -------- d-----w- c:\programdata\DVD Shrink
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-10-28 21:13 . 2010-11-02 23:05 -------- d-----w- c:\program files\Ask.com
2010-10-27 13:52 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 13:52 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 13:52 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-13 13:22 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 13:22 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 13:21 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 13:21 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 13:21 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 13:21 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 13:21 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 13:21 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 13:21 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 13:21 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 13:18 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 13:18 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 13:18 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 13:18 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 22:52 . 2010-09-21 15:07 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A74917A-31DE-484B-8BCA-F061AEAE8518}\mpengine.dll
2010-09-04 21:09 . 2010-09-21 19:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 21:09 . 2010-09-21 19:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 21:09 . 2010-09-21 19:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-04 21:09 . 2010-09-21 19:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 21:09 . 2010-09-21 19:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 21:09 . 2010-09-21 19:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 21:09 . 2010-09-21 19:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 21:09 . 2010-09-21 19:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-27 01:53 . 2010-08-27 01:53 6153376 ----a-w- c:\users\Imy\mbam-setup.exe
2010-08-26 16:33 . 2010-10-27 13:52 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 13:52 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 13:52 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 13:52 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 22:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*Deregistered* - ckavutdwa
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-10 15:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-10 15:16:46
ComboFix-quarantined-files.txt 2010-11-10 23:16
ComboFix2.txt 2010-11-10 22:25

Pre-Run: 43,054,395,392 bytes free
Post-Run: 43,047,006,208 bytes free

- - End Of File - - CCDED70E8EBD0C80A206B28E4586B57E

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Fri Nov 12, 2010 12:20 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\programdata\fDkKa02030

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride =

    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved ComboFix log

Post by Komodia on Fri Nov 12, 2010 2:16 pm

ComboFix 10-11-12.01 - Imy 11/12/2010 10:55:50.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1168 [GMT -8:00]
Running from: c:\users\Imy\Desktop\Commy.exe
Command switches used :: c:\users\Imy\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\fDkKa02030
c:\programdata\fDkKa02030\fDkKa02030

.
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-12 19:06 . 2010-11-12 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 22:25 . 2010-11-12 19:07 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-11-10 20:41 . 2010-11-10 20:41 -------- d-----w- C:\_OTL
2010-10-31 20:21 . 2010-10-31 20:21 -------- d-----w- C:\CLASH_OF_THE_TITANS_2010
2010-10-31 17:51 . 2010-10-31 17:51 -------- d-----w- c:\program files\Conduit
2010-10-31 17:50 . 2010-11-03 20:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-31 17:42 . 2010-10-31 17:49 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:34 . 2010-10-31 19:46 -------- d-----w- c:\programdata\DVD Shrink
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-10-28 21:13 . 2010-11-02 23:05 -------- d-----w- c:\program files\Ask.com
2010-10-27 13:52 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 13:52 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 13:52 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 13:56 . 2010-10-13 13:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 22:52 . 2010-09-21 15:07 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A74917A-31DE-484B-8BCA-F061AEAE8518}\mpengine.dll
2010-09-08 06:01 . 2010-10-13 13:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 13:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 13:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 13:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 13:20 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 13:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 13:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 13:21 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 13:21 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 13:21 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 13:21 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 13:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-09-04 21:09 . 2010-09-21 19:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 21:09 . 2010-09-21 19:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 21:09 . 2010-09-21 19:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-04 21:09 . 2010-09-21 19:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 21:09 . 2010-09-21 19:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 21:09 . 2010-09-21 19:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 21:09 . 2010-09-21 19:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 21:09 . 2010-09-21 19:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-31 15:46 . 2010-10-13 13:20 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 13:20 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 13:18 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 13:18 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 01:53 . 2010-08-27 01:53 6153376 ----a-w- c:\users\Imy\mbam-setup.exe
2010-08-26 16:37 . 2010-10-13 13:20 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 13:52 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 13:52 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 13:52 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 13:52 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-20 16:05 . 2010-10-13 13:18 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-15 22:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*Deregistered* - ckavutdwa
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-12 11:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-12 11:10:50
ComboFix-quarantined-files.txt 2010-11-12 19:10
ComboFix2.txt 2010-11-10 23:16
ComboFix3.txt 2010-11-10 22:25

Pre-Run: 43,011,133,440 bytes free
Post-Run: 43,042,574,336 bytes free

- - End Of File - - C0F33C60F3B732D42A2FB0937ABA0EB2

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Fri Nov 12, 2010 2:17 pm

Combo fix had updated before it scanned, just letting you know since I dont know if that would interfer with anything or not.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Sat Nov 13, 2010 1:56 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    RegLockDel::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Combofix Log

Post by Komodia on Sat Nov 13, 2010 11:42 am

ComboFix 10-11-12.06 - Imy 11/13/2010 8:22.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1218 [GMT -8:00]
Running from: c:\users\Imy\Desktop\Commy.exe
Command switches used :: c:\users\Imy\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 16:36 . 2010-11-13 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-12 18:51 . 2010-11-12 19:10 -------- d-----w- C:\Commy
2010-11-10 22:25 . 2010-11-13 16:37 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-11-10 20:41 . 2010-11-10 20:41 -------- d-----w- C:\_OTL
2010-10-31 20:21 . 2010-10-31 20:21 -------- d-----w- C:\CLASH_OF_THE_TITANS_2010
2010-10-31 17:51 . 2010-10-31 17:51 -------- d-----w- c:\program files\Conduit
2010-10-31 17:50 . 2010-11-03 20:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-31 17:42 . 2010-10-31 17:49 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:34 . 2010-10-31 19:46 -------- d-----w- c:\programdata\DVD Shrink
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-10-28 21:13 . 2010-11-02 23:05 -------- d-----w- c:\program files\Ask.com
2010-10-27 13:52 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 13:52 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 13:52 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 13:56 . 2010-10-13 13:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 22:52 . 2010-09-21 15:07 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A74917A-31DE-484B-8BCA-F061AEAE8518}\mpengine.dll
2010-09-08 06:01 . 2010-10-13 13:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 13:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 13:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 13:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 13:20 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 13:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 13:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 13:21 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 13:21 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 13:21 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 13:21 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 13:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-09-04 21:09 . 2010-09-21 19:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 21:09 . 2010-09-21 19:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 21:09 . 2010-09-21 19:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-04 21:09 . 2010-09-21 19:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 21:09 . 2010-09-21 19:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 21:09 . 2010-09-21 19:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 21:09 . 2010-09-21 19:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 21:09 . 2010-09-21 19:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-31 15:46 . 2010-10-13 13:20 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 13:20 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 13:18 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 13:18 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 01:53 . 2010-08-27 01:53 6153376 ----a-w- c:\users\Imy\mbam-setup.exe
2010-08-26 16:37 . 2010-10-13 13:20 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 13:52 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 13:52 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 13:52 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 13:52 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-20 16:05 . 2010-10-13 13:18 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-15 22:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*Deregistered* - ckavutdwa
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-13 08:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6080)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2010-11-13 08:39:46
ComboFix-quarantined-files.txt 2010-11-13 16:39
ComboFix2.txt 2010-11-13 16:09
ComboFix3.txt 2010-11-12 19:10
ComboFix4.txt 2010-11-10 23:16
ComboFix5.txt 2010-11-13 16:20

Pre-Run: 43,039,256,576 bytes free
Post-Run: 43,013,140,480 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CCE8ADEC3F68F3787D26E268F40A19ED

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Sun Nov 14, 2010 1:05 am

Hi,

Persistent little service. -.-

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    ckavutdwa

    RegLockDel::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Combo Log

Post by Komodia on Sun Nov 14, 2010 10:51 am

ComboFix 10-11-12.06 - Imy 11/14/2010 7:16.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.941 [GMT -8:00]
Running from: c:\users\Imy\Desktop\Commy.exe
Command switches used :: c:\users\Imy\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CKAVUTDWA
-------\Service_ckavutdwa


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 15:32 . 2010-11-14 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-14 15:16 . 2010-11-14 15:16 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-12 18:51 . 2010-11-12 19:10 -------- d-----w- C:\Commy
2010-11-10 22:25 . 2010-11-14 15:36 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-11-10 20:41 . 2010-11-10 20:41 -------- d-----w- C:\_OTL
2010-10-31 20:21 . 2010-10-31 20:21 -------- d-----w- C:\CLASH_OF_THE_TITANS_2010
2010-10-31 17:51 . 2010-10-31 17:51 -------- d-----w- c:\program files\Conduit
2010-10-31 17:50 . 2010-11-03 20:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-31 17:42 . 2010-10-31 17:49 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:34 . 2010-10-31 19:46 -------- d-----w- c:\programdata\DVD Shrink
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-10-28 21:13 . 2010-11-02 23:05 -------- d-----w- c:\program files\Ask.com
2010-10-27 13:52 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 13:52 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 13:52 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 13:56 . 2010-10-13 13:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 22:52 . 2010-09-21 15:07 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A74917A-31DE-484B-8BCA-F061AEAE8518}\mpengine.dll
2010-09-08 06:01 . 2010-10-13 13:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 13:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 13:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 13:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 13:20 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 13:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 13:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 13:21 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 13:21 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 13:21 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 13:21 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 13:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-09-04 21:09 . 2010-09-21 19:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 21:09 . 2010-09-21 19:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 21:09 . 2010-09-21 19:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-04 21:09 . 2010-09-21 19:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 21:09 . 2010-09-21 19:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 21:09 . 2010-09-21 19:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 21:09 . 2010-09-21 19:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 21:09 . 2010-09-21 19:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-31 15:46 . 2010-10-13 13:20 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 13:20 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 13:18 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 13:18 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 01:53 . 2010-08-27 01:53 6153376 ----a-w- c:\users\Imy\mbam-setup.exe
2010-08-26 16:37 . 2010-10-13 13:20 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 13:52 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 13:52 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 13:52 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 13:52 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-20 16:05 . 2010-10-13 13:18 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-15 22:47 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"MRT"="c:\windows\system32\MRT.exe" [2010-11-14 35758536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 iptarslm;iptarslm;c:\windows\system32\drivers\iptarslm.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - CKAVUTDWA
*Deregistered* - ckavutdwa
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-14 07:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1620)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2010-11-14 07:43:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 15:43
ComboFix2.txt 2010-11-13 16:39
ComboFix3.txt 2010-11-13 16:09
ComboFix4.txt 2010-11-12 19:10
ComboFix5.txt 2010-11-14 15:13

Pre-Run: 44,743,327,744 bytes free
Post-Run: 44,362,113,024 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A32650E782BDFD308B49C972F2E37829

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sun Nov 14, 2010 10:52 am

My Malwarebytes always removes it, says its a rootkit but it always returns when my computer turns back on. I really hate these things Sad tearing

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Wed Nov 17, 2010 11:55 pm

Hi,

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Registry keys to delete:
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Thu Nov 18, 2010 11:26 am

When i clicke on The Avenger link I get 404 Not Found web page. Also when coping the text, do I the text that also says "CODE:" that is in the box or I start with "Registry" in the box?

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Fri Nov 19, 2010 1:39 pm

Hi,

Please copy everything after Code:.

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Registry keys to delete:
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Avenger

Post by Komodia on Sat Nov 20, 2010 11:00 am

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Nov 20 07:52:22 2010

07:52:14: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sat Nov 20, 2010 11:25 am

what is a hijackthis log? is it running the otl?

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Sun Nov 21, 2010 2:04 pm

Hi,

My bad syntax error. Indifferent or Blank

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying
Code:
Registry keys to delete:
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log .


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved avenger log

Post by Komodia on Sun Nov 21, 2010 7:49 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open registry key "HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa" for deletion
Deletion of registry key "HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)


Completed script processing.

*******************

Finished! Terminate.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sun Nov 21, 2010 7:52 pm

And what is a hijackthis log?

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Tue Nov 23, 2010 5:16 pm

Hi,

My bad. You don't need a Hijackthis log. Please run ComboFix again.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Log

Post by Komodia on Wed Nov 24, 2010 12:14 am

ComboFix 10-11-23.02 - Imy 11/23/2010 20:49:01.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1108 [GMT -8:00]
Running from: c:\users\Imy\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\zip.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 05:00 . 2010-11-24 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-22 00:43 . 2010-11-22 00:43 0 ----a-w- C:\backup.reg
2010-11-20 15:36 . 2010-11-22 00:43 574 ----a-w- C:\cleanup.bat
2010-11-14 15:16 . 2010-11-14 15:53 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-13 15:43 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-12 18:51 . 2010-11-12 19:10 -------- d-----w- C:\Commy
2010-11-10 22:25 . 2010-11-24 05:00 -------- d-----w- c:\users\Imy\AppData\Local\temp
2010-11-10 20:41 . 2010-11-10 20:41 -------- d-----w- C:\_OTL
2010-10-31 20:21 . 2010-10-31 20:21 -------- d-----w- C:\CLASH_OF_THE_TITANS_2010
2010-10-31 17:51 . 2010-10-31 17:51 -------- d-----w- c:\program files\Conduit
2010-10-31 17:50 . 2010-11-03 20:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-10-31 17:42 . 2010-10-31 17:49 8280880 ----a-w- c:\users\Imy\FreeDVDDecrypter.exe
2010-10-31 17:34 . 2010-10-31 19:46 -------- d-----w- c:\programdata\DVD Shrink
2010-10-31 17:32 . 2010-10-31 17:32 1117491 ----a-w- c:\users\Imy\dvdshrink32setup.exe
2010-10-28 21:13 . 2010-11-02 23:05 -------- d-----w- c:\program files\Ask.com
2010-10-27 13:52 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 13:52 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 13:52 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 13:56 . 2010-10-13 13:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 22:52 . 2010-09-21 15:07 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A74917A-31DE-484B-8BCA-F061AEAE8518}\mpengine.dll
2010-09-08 06:01 . 2010-10-13 13:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 13:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 13:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 13:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 13:20 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 13:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 13:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 13:21 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 13:21 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 13:21 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 13:21 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 13:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-09-04 21:09 . 2010-09-21 19:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 21:09 . 2010-09-21 19:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 21:09 . 2010-09-21 19:16 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 21:09 . 2010-09-21 19:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-04 21:09 . 2010-09-21 19:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 21:09 . 2010-09-21 19:16 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 21:09 . 2010-09-21 19:16 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 21:09 . 2010-09-21 19:16 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 21:09 . 2010-09-21 19:16 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-31 15:46 . 2010-10-13 13:20 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 13:20 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 13:18 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 13:18 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 01:53 . 2010-08-27 01:53 6153376 ----a-w- c:\users\Imy\mbam-setup.exe
2010-08-26 16:37 . 2010-10-13 13:20 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 13:52 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 13:52 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 13:52 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 13:52 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-20 21:32 . 2008-07-25 23:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-07-30 23:45 . 2008-04-12 17:06 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-30 23:45 . 2008-04-12 17:06 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-30 23:45 . 2008-04-12 17:06 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-09-04 21:09 . 2010-09-21 19:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-30 23:45 . 2008-04-12 17:06 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-30 23:45 . 2008-04-12 17:06 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Mediafly SyncClient"="c:\program files\Mediafly\Mediafly SyncClient\Mediafly.SyncClient.App.exe" [2009-07-21 988672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-01-19 323280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-03-16 4281584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-13 1195920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 svzdjvhl;svzdjvhl;c:\windows\system32\drivers\svzdjvhl.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9e93133c12a;Google Update Service (gupdate1ca9e93133c12a);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 133104]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-20 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-09-04 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-09-04 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-04-08 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-09-04 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-09-04 141792]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2010-03-16 689392]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-09-04 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-09-04 312904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-09-04 84264]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]


--- Other Services/Drivers In Memory ---

*Deregistered* - ckavutdwa
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 14:21]

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{2DCB5E78-FE5C-4697-8923-9D5F5ABBD7A3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - [You must be registered and logged in to see this link.]
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\jhbc66sx.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-23 21:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ckavutdwa]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\S-1-5-21-2913991826-235692695-175414458-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,71,f3,b3,d8,b2,dc,cf,3d,98,05,b7,16,cc,93,97,a4,47,90,01,ff,
31,54,b9,04,07,85,b3,75,47,6e,20,cb,e5,8f,56,98,29,61,98,0e,71,5f,6c,48,df,\
"rkeysecu"=hex:94,c3,24,e1,fc,ed,c3,f2,3e,03,25,20,fa,3a,7c,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-23 21:04:27
ComboFix-quarantined-files.txt 2010-11-24 05:04
ComboFix2.txt 2010-11-14 15:43
ComboFix3.txt 2010-11-13 16:39
ComboFix4.txt 2010-11-13 16:09
ComboFix5.txt 2010-11-24 04:45

Pre-Run: 43,738,775,552 bytes free
Post-Run: 43,804,082,176 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6
- - End Of File - - 93FFA46208067900C078D299BF1E49F8

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Fri Nov 26, 2010 2:50 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Fri Nov 26, 2010 2:59 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Sneakyone on Sun Nov 28, 2010 3:37 pm

Hi,

How is your computer running now?


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56104
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sun Nov 28, 2010 8:02 pm

On my anti maleware software, malewarebytes, it still finds a rootkit agent on the quick scan. I alway remove it but as soon as the computer starts up again it is back. When I did one of the scans I was told too, I believe the combo.ex one, my computer beep and it did say it had found my Master Boot to be infected. I have wonder if I did the log correctly for that scan since afterwards I couldn't get on the net and ende up retarting the comp and the scan started again and I took that log, after that I had started saving the logs ahead of time so I can get them back to paste up if I had to restart. Down below I'm pasting my log from the anit malware program, malewarebytes just incase it might help.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sun Nov 28, 2010 8:03 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5067

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/28/2010 4:55:42 PM
mbam-log-2010-11-28 (16-55-42).txt

Scan type: Quick scan
Objects scanned: 146618
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\ckavutdwa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Message I get from the icon to System Tool malware after removing the malware.

Post by Komodia on Sun Nov 28, 2010 8:03 pm

Even though it get deleted, it is always back when i start up the computer.

Komodia
Intermediate
Intermediate

Posts Posts : 71
Joined Joined : 2010-11-07
OS OS : Vista
Points Points : 23271
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum